Latest Posts

ESD Decryption Update KB3159706 Breaks WSUS on Server 2012 R2

Microsoft recently released an update KB3159706 that enables WSUS for Windows Server 2012/R2 to natively decrypt certain feature updates which are staged in encrypted packages. This is great, especially because this update supposedly fixes an issue with a previous update KB3148812. This update has however been found to break WSUS in Server 2012 R2. I was able to replicate this behavior in my lab environment.

My lab environment features a simple WSUS installation integrate with ConfigMgr Software Update Point (SUP). As seen below, after the update is installed the WSUS service crashes and fails to restart, and this adversely affects the SUP role in ConfigMgr.

I also determined that uninstalling the update addressed the issue, but a better fix, recommended by Microsoft, is to complete required manual steps in order to complete the update installation. The required manual steps are as follows:

Open an elevated Command Prompt window, and then run the following command (case sensitive, assume “C” as the system volume):

Add the following attribute (shown in bold) to the bottom of the Web.Config file:
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”multipleSiteBindingsEnabled=”true” />
</system.serviceModel>

Author, consultant, strategist and thought leader who is passionate about data-driven management and architecture. Chiyo excels at helping clients think strategically about how to use technology to optimize the service delivery to the business, and to create fundamental business change and value.